about summary refs log tree commit diff
path: root/manual/examples/mbstouwcs.c
diff options
context:
space:
mode:
authorFlorian Weimer <fweimer@redhat.com>2018-04-05 12:52:19 +0200
committerFlorian Weimer <fweimer@redhat.com>2018-04-05 12:52:19 +0200
commitcf138b0c83b3210990b29772e2af5982fb0e3c26 (patch)
tree075a78aa20aec46bf3d989d28642826bc2989bee /manual/examples/mbstouwcs.c
parent0f339252697e6dcfc9e00be6cd8272d4260b90d2 (diff)
downloadglibc-cf138b0c83b3210990b29772e2af5982fb0e3c26.tar.gz
glibc-cf138b0c83b3210990b29772e2af5982fb0e3c26.tar.xz
glibc-cf138b0c83b3210990b29772e2af5982fb0e3c26.zip
manual: Various fixes to the mbstouwcs example, and mbrtowc update
The example did not work because the null byte was not converted, and
mbrtowc was called with a zero-length input string.  This results in a
(size_t) -2 return value, so the function always returns NULL.

The size computation for the heap allocation of the result was
incorrect because it did not deal with integer overflow.

Error checking was missing, and the allocated memory was not freed on
error paths.  All error returns now set errno.  (Note that there is an
assumption that free does not clobber errno.)

The slightly unportable comparision against (size_t) -2 to catch both
(size_t) -1 and (size_t) -2 return values is gone as well.

A null wide character needs to be stored in the result explicitly, to
terminate it.

The description in the manual is updated to deal with these finer
points.  The (size_t) -2 behavior (consuming the input bytes) matches
what is specified in ISO C11.
Diffstat (limited to 'manual/examples/mbstouwcs.c')
-rw-r--r--manual/examples/mbstouwcs.c49
1 files changed, 37 insertions, 12 deletions
diff --git a/manual/examples/mbstouwcs.c b/manual/examples/mbstouwcs.c
index 5d223da2ae..c94e1fa790 100644
--- a/manual/examples/mbstouwcs.c
+++ b/manual/examples/mbstouwcs.c
@@ -1,3 +1,4 @@
+#include <stdbool.h>
 #include <stdlib.h>
 #include <string.h>
 #include <wchar.h>
@@ -7,22 +8,46 @@
 wchar_t *
 mbstouwcs (const char *s)
 {
-  size_t len = strlen (s);
-  wchar_t *result = malloc ((len + 1) * sizeof (wchar_t));
+  /* Include the null terminator in the conversion.  */
+  size_t len = strlen (s) + 1;
+  wchar_t *result = reallocarray (NULL, len, sizeof (wchar_t));
+  if (result == NULL)
+    return NULL;
+
   wchar_t *wcp = result;
-  wchar_t tmp[1];
   mbstate_t state;
-  size_t nbytes;
-
   memset (&state, '\0', sizeof (state));
-  while ((nbytes = mbrtowc (tmp, s, len, &state)) > 0)
+
+  while (true)
     {
-      if (nbytes >= (size_t) -2)
-        /* Invalid input string.  */
-        return NULL;
-      *wcp++ = towupper (tmp[0]);
-      len -= nbytes;
-      s += nbytes;
+      wchar_t wc;
+      size_t nbytes = mbrtowc (&wc, s, len, &state);
+      if (nbytes == 0)
+        {
+          /* Terminate the result string.  */
+          *wcp = L'\0';
+          break;
+        }
+      else if (nbytes == (size_t) -2)
+        {
+          /* Truncated input string.  */
+          errno = EILSEQ;
+          free (result);
+          return NULL;
+        }
+      else if (nbytes == (size_t) -1)
+        {
+          /* Some other error (including EILSEQ).  */
+          free (result);
+          return NULL;
+        }
+      else
+        {
+          /* A character was converted.  */
+          *wcp++ = towupper (wc);
+          len -= nbytes;
+          s += nbytes;
+        }
     }
   return result;
 }